Creating External Identity Provider Configurations

Function

This API is used to create configurations for an external identity provider. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/identity-stores/{identity_store_id}/external-idp

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
identity_store_id	Yes	String	Globally unique ID of an identity source.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Security-Token	No	String	Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

**Table 3** Parameters in the request body
Parameter	Mandatory	Type	Description
idp_saml_metadata	No	String	SAML metadata of an identity provider. Either the SAML settings or the SAML metadata of an identity provider must be configured.
idp_certificate	No	String	Identity provider certificate, which is used together with the identity provider's SAML settings.
idp_saml_config	No	idp_saml_config object	SAML settings of an identity provider. Either the SAML settings or the SAML metadata of an identity provider must be configured.

**Table 4** idp_saml_config
Parameter	Mandatory	Type	Description
entity_id	No	String	Issuer ID of an identity provider.
login_url	No	String	Login link of an identity provider.

Response Parameters

Status code: 201

**Table 5** Parameters in the response body
Parameter	Type	Description
hws_sp_saml_config	SPSAMLConfig object	Service provider configuration.
idp_certificate_id	String	Globally unique ID of an identity provider certificate.
idp_certificate_ids	Array of strings	List of globally unique IDs of identity provider certificates.
idp_id	String	Globally unique ID of an external identity provider.

**Table 6** SPSAMLConfig
Parameter	Type	Description
acs_url	String	Response address of a service provider's assertion.
issuer	String	Service provider issuer.
metadata	String	Service provider metadata.

Status code: 400

**Table 7** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.

Status code: 403

**Table 8** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.
encoded_authorization_message	String	Encrypted error message.

Example Request

Creating configurations for an external identity provider

POST https://{hostname}/v1/identity-stores/{identity_store_id}/external-idp

{
  "idp_saml_metadata" : "<?xml version=\"1.0\" encoding=\"utf-8\"?><EntityDescriptor ID=\"_678cd4a8-4915-4e2d-a4ce-6*************cd/saml2\" /></IDPSSODescriptor></EntityDescriptor>"
}

Example Response

Status code: 201

Successful

{
  "hws_sp_saml_config" : {
    "acs_url" : "https://cn-north-4-signin.huaweicloud.com/v1/platform/saml/acs/xxxxxxx",
    "issuer" : "https://cn-north-4.signin.huaweicloud.com/platform/saml/xxxxxx",
    "metadata" : "<?xml version=\"1.0\" encoding=\"UTF-8\"?>xxxxxxx</md:EntityDescriptor>"
  },
  "idp_certificate_id" : "553523a6-ebde-4570-xxxxxxx",
  "idp_certificate_ids" : [ "553523a6-ebde-4570-xxxxxxx" ],
  "idp_id" : "a48e3f1b-59f8-4b8f-xxxxxxx"
}

Status Codes

Status Code	Description
201	Successful.
400	Bad request.
403	Forbidden.

Error Codes

For details, see Error Codes.

Parent topic: Identity Provider Management

Previous topic: Identity Provider Management

Next topic: Querying External Identity Provider Configurations

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.